#deooptimo

What do you mean?

Where is IP being restricted?

here's the exception i receive:

@plain epoch ^

i try to update the appropriate permissions to allow reading historical results. but that doesn't work because the restricted key doesn't have any IP restrictions. but how can i restrict IP when my hosting service provider doesn't?

How does your hosting provider allocate IP? You should just be able to provide a CIDR range

i don't know, and they don't talk about it. i haven't needed it either.

Recommend you ask them

Then provide that cidr range for the key

you're not helping but i don't know if you're trying to

how do i tell stripe: "accept all requests regardless of IP, because it will keep changing, including when i'm asleep, and there will be no one to come update the key's configuration?"

You can't

You need to provide the cidr

Your provider will be able to give you a cidr for all their possible ips

that's unfortunate, given that there's no rationale given for the special post 48-hour restrictions.

it seems arbitrary. oh you waited 48 hours? here are some extra restrictions we're imposing now.

what's the point? if i may ask?

From the link in the error. message

with all due respect, that's not a reason. you could say the same about any key at all.

I'm just the messenger

I didn't make the rule

but also, this statement is a logical nonsense:

long term programmatic access to sensitive verification results increases the impact of leaking an API key.

Talk to our support team if you have grievances, but I gave you the solution

i don't think i should be mad at you given that you have no input into the implementation. you're only required to justify and explain what other people have decided.

i'm ex-stripe engineer so i know how difficult your work can be 🤗